This Privacy Policy describes how NetNodes Limited and its affiliates ("DoorFlow," "we," "our" or "us") collect, use, and share information in connection with your use of our websites (including www.doorflow.com), services, and applications (collectively, the "Services").

This Privacy Policy (the "Privacy Policy") does not apply to information our customers may process when using our Services.

1. INFORMATION WE COLLECT

A. Information You Provide

Account Registration

When you register for an Account, we may ask for your contact information, including items such as name, company name, address, email address, and telephone number. If you choose to refer a friend to our Services, we may also collect your friend’s email address so that we may send them a referral or promotional code to sign up for our Services.

Payment Information

When you add your financial account information to your Account, that information is directed to our third-party payment processor. We do not store your financial account information on our systems; however, we have access to, and may retain, subscriber information through our third-party payment processor.

Communications

If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide. We may also receive a confirmation when you open an email from us.

The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.

B. Information provided by End Users

DoorFlow provides the capability for End Users to store basic personal information such as an individual’s name, email address and photograph. This information is used to correlate security events to the correct individual and to offer further functionality to the End User.

C. Information We Collect When You Use Our Services.

Log Information

DoorFlow records the actions of system Administrators, as well as the status and the settings of various devices that have been configured to operate with DoorFlow. Customer Data entered in a DoorFlow account by End Users or collected through the operation of the system are for the exclusive use of our End Users. DoorFlow staff may access Customer Data only for the purposes of providing and supporting the functionality of the Products, preventing or addressing service or technical problems, or as may be required by law.

Information generated from events

DoorFlow collects access control event data - for example that an access card was used at a particular door at a certain time.

Cookies and Other Tracking Technologies

As is true of most websites, we gather certain information automatically and store it in log files. In addition, when you use our Services, we may collect certain information automatically from your device. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, clickstream data, landing page, and referring URL. To collect this information, a cookie may be set on your computer or device when you visit our Services. Cookies contain a small amount of information that allows our web servers to recognise you. We store information that we collect through cookies, log files, and/or clear gifs to record your preferences. We may also automatically collect information about your use of features of our Services, about the functionality of our Services, frequency of visits, and other information related to your interactions with the Services. We may track your use across different websites and services. In some countries, including countries in the European Economic Area ("EEA"), the information referenced above in this paragraph may be considered personal information under applicable data protection laws.

D. Information We Receive from Third Parties

Third-Party Accounts. If you choose to link our Services to a third-party account, we will receive information about that account, such as your authentication token from the third-party account, to authorise linking. If you wish to limit the information available to us, you should visit the privacy settings of your third-party accounts to learn about your options.

Third-Party Partners. We may also receive publicly available information about you from our third-party partners and combine it with data that we have about you.

2. HOW WE USE INFORMATION

We use the information we collect in various ways, including to:

  • Provide, operate, and maintain our Services;
  • Improve, personalise, and expand our Services;
  • Understand and analyse how you use our Services;
  • Develop new products, services, features, and functionality;
  • Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the Service, and for marketing and promotional purposes;
  • Process your transactions;
  • Send you text messages and push notifications;
  • Find and prevent fraud; and
  • For compliance purposes, including enforcing our Terms of Service, or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.

3. HOW WE SHARE INFORMATION

Aggregate Information. Where legally permissible, we may use and share information about users with our partners in aggregated or de-identified form that can’t reasonably be used to identify you.

Analytics. We use analytics providers such as Google Analytics. Google Analytics uses cookies to collect non-identifying information. Google provides some additional privacy options regarding its Analytics cookies at http://www.google.com/policies/privacy/partners/.

Business Transfers. Information may be disclosed and otherwise transferred to any potential acquirer, successor, or assignee as part of any proposed merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.

As Required By Law and Similar Disclosures. We may also share information to (i) satisfy any applicable law, regulation, legal process, or governmental request; (ii) enforce this Privacy Policy and our Terms of Service, including investigation of potential violations hereof; (iii) detect, prevent, or otherwise address fraud, security, or technical issues; (iv) respond to your requests; or (v) protect our rights, property or safety, our users and the public. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.

4. LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

However, we will normally collect personal information from you only (i) where we need the personal information to perform a contract with you; (ii) where the processing is in our legitimate interests and not overridden by your rights; or (iii) where we have your consent to do so. We have a legitimate interest in operating our Services and communicating with you as necessary to provide these Services, for example when responding to your queries, improving our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities.

In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).

5. THIRD PARTY SERVICES

You may access other third-party services through the Services, for example by clicking on links to those third-party services from within the Services. We are not responsible for the privacy policies and/or practices of these third-party services, and we encourage you to carefully review their privacy policies.

6. SECURITY

DoorFlow is committed to protecting your information. To do so, we employ a variety of security technologies and measures designed to protect information from unauthorised access, use, or disclosure. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. However, please bear in mind that the Internet cannot be guaranteed to be 100% secure.

7. DATA RETENTION

We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

8. ACCESS

If you are a registered user, you may access certain information associated with your Account by logging into our Services or emailing privacy@doorflow.com. If you terminate your Account, any public activity on your Account prior to deletion may remain stored on our servers and may remain accessible to other Users of the account.

To protect your privacy and security, we may also take reasonable steps to verify your identity before updating or removing your information. The information you provide us may be archived or stored periodically by us according to backup processes conducted in the ordinary course of business for disaster recovery purposes. Your ability to access and correct your information may be temporarily limited where access and correction could: inhibit DoorFlow's ability to comply with a legal obligation; inhibit DoorFlow's ability to investigate, make or defend legal claims; result in disclosure of personal information about a third party; or result in breach of a contract or disclosure of trade secrets or other proprietary business information belonging to DoorFlow or a third party.

9. HOW GDPR RELATES TO OUR SERVICES

In the context of the GDPR, individuals with data stored in DoorFlow or individuals using DoorFlow applications are considered Data Subjects. DoorFlow end-users and in some cases DoorFlow Resellers are considered Data Controllers. DoorFlow is a Data Processor.

As a Data Processor, DoorFlow is the responsible custodian of the Data Subject’s data, performing this role on behalf of the Data Controller. The Data Controller is completely responsible to determine what data is captured, stored and processed within DoorFlow. The Data Controller is the owner of the data. DoorFlow does not rent, share, disclose or sell any data owned by the Data Controller.

Within our service model, most Data Subjects will have no direct interaction with the DoorFlow application that captures and stores their data. Most Data Subjects will be employees or contractors of the Data Controller. Data is captured based on their relationship with the Data Controller. The Data Controller is responsible for gaining explicit consent from the Data Subject regarding the data to be stored.

Data Subject requests to purge data from DoorFlow is subject to Terms of Service agreed with the Data Controller and will be adjudicated by the Data Controller.

In cases where Data Subjects use DoorFlow websites or applications directly, DoorFlow is the Data Controller and as such is responsible for gaining explicit or unambiguous consent based on the type of data collected.

Data Subject requests to purge data collected directly by DoorFlow will be adjudicated by DoorFlow staff.

The GDPR includes provisions that grant Data Subjects portability rights in their personal data. Any personal data we store on behalf of Data Controllers belongs to the Data Subjects'. We will coordinate with Data Subjects and, as applicable Data Controllers, when requested to delete or port data. We provide tools for portability and are continually working to enhance our data export capabilities.

10. YOUR CHOICES

You may unsubscribe from receiving certain promotional emails from us. If you wish to do so, simply follow the instructions found at the end of the email. Even if you unsubscribe, we may still contact you for informational, transactional, account-related, or similar purposes.

Many browsers have an option for disabling cookies, which may prevent your browser from accepting new cookies or enable selective use of cookies. Please note that, if you choose not to accept cookies, some features and the personalization of our Services may no longer work for you. You will continue to receive advertising material but it will not be tailored to your interests.

11. CHILDREN'S PRIVACY

Children under 13 are prohibited from using our Services. If you learn that a child has provided us with personal information in violation of this Privacy Policy, you can alert us at privacy@doorflow.com.

12. CHANGES TO THIS PRIVACY POLICY

This Privacy Policy may be modified from time to time, so please review it frequently. Changes to this Privacy Policy will be posted on our websites. If we materially change the ways in which we use or share personal information previously collected from you through our Services, we will notify you through our Services, by email, or other communication.

Contact Us

If you have any questions or concerns about this Privacy Policy, please feel free to email us at privacy@doorflow.com.

The data controller of your personal information is NetNodes Limited.